Network Scanner

1.First three modes are run in parallel. Repeated inquiring of already inquired stations is not performed.

2.After ICMP search is complete, the TCP search is launched for stations that have not responded. If ICMP search is disabled, TCP search is launched immediately in parallel with first two modes.

ICMP search is implemented by sending ping requests that can be blocked because of network policies (e.g. by firewall settings).

For example:

If in Windows Vista and later OS network settings, the Public location options is set, OS will block all ping requests.

3.For stations found by search via the first four modes, the Agent detect search is launched.

Network Scanner can detect Agents of version 4.44 and older but cannot interact with Agents of earlier versions.

The Agent installed on a protected stations process respective calls of Network Scanner received at a certain port. By default, port udp/2193 is used. Correspondingly, the default port is offered to call by the Scanner. Network Scanner decides whether the Agent is on a station or not basing on the assumption of the possibility to exchange information (request-response) via the specified port.

If the station is forbidden (for example, by a firewall) to accept packages at udp/2193, the Agent will not be detected and consequently Network Scanner considers that there is no Agent installed on the station.

1.Open the Network Scanner window: select the Administration item in the main menu of Dr.Web Security Control Center and in the opened window, select the Network Scanner item in the control menu. The Network Scanner window will be opened.

2.Set the Enable ICMP search flag to search for stations via ICMP protocol in range of specified IP addresses.

3.Set the Enable TCP search flag to search for stations via TCP protocol in range of specified IP addresses.

•Quick scan. In the quick network scan mode, only most common ports on stations are checked: 445, 139, 22, 80.

•Extended scan. In the extended network scan mode, a set of frequently used ports are checked. The ports are scanned in the specified order: 445, 139, 135, 1025, 1027, 3389, 22, 80, 443, 25, 21, 7, 19, 53, 110, 115, 123, 220, 464, 465, 515, 873, 990, 993, 995, 1194, 1433, 1434, 2049, 3306, 3690, 4899, 5222, 5269, 5432, 6000, 6001, 6002, 6003, 6004, 6005, 6006, 6007, 6446, 9101, 9102, 9103, 10050, 10051, 8080, 8081, 98, 2193, 8090, 8091, 24554, 60177, 60179.

4.Set the flag Enable search by NetBIOS to search for stations via NetBIOS protocol.

•Domains—domains list in which stations are searched. Use comma to divide several domains.

•Set the flag Extended scan to use extended scan using data from network browsers.

5.Set the flag Enable search in Active Directory to search for stations in the Active Directory domain.

To be able to search stations in the Active Directory domain via the Network Scanner, the web browser in which the Control Center is opened, must be launched in the name of the domain user with permissions to search objects in the Active Directory domain.

Searching for stations in the Active Directory domain is performed only using the secure ldaps protocol.

•Active Directory controller—Active Directory controller, e.g. dc.example.com.

For the Servers under Windows OS, settings of Active Directory search are not obligatory. Information of a user on whose behalf the Server process is run (usually, it is LocalSystem) is used as a default registration information.

For the Servers under UNIX system-based OS, the settings must be obligatory specified.

•In the Connection security drop-down list, select the type of encrypted data exchange:

▫STARTTLS—switching to secured connection is performed by using the STARTTLS command. The 25 port is used by default for the connection.

▫SSL/TLS—establish a new secured TLS connection. The 465 port is used by default for the connection.

▫No—do not use encryption. Data exchange will be over an unprotected connection.

6.In the General parameters section, specify common settings for all search modes:

•Number of requests to one station—maximum number of requests to one station waiting for the answer.

•Number of simultaneous requests—maximum number of stations for simultaneous requests.

•Set the Show station names flag to display either IP address and DNS name of found stations. If a station is not registered at DNS server, only its IP address displays.

If the Detect installed Agent option is disabled, all found stations will have the state, i.e. the state of anti-virus software on a station is unknown.

•Port—UDP protocol port number to call the Agent during the search. The range is 1-65535. The 2193 port is used by default.

8.The list of computers demonstrating where Dr.Web Enterprise Security Suite anti-virus software is installed will be loaded into this window.

Unfold the catalog elements corresponding to workgroups (domains). All elements of the catalog corresponding to workgroups and individual stations are marked with different icons the meaning of which is given below:

Icon	Description
Workgroups
	The work groups containing inter alia computers on which Dr.Web Enterprise Security Suite anti-virus software can be installed.
	Other groups containing protected or unavailable by network computers.
Workstations
	Active station with installed anti-virus software.
	Active station with unknown state of anti-virus software: there is no anti-virus software on a station or software detection was not perform.

You can also unfold catalog items corresponding to computers with the

icon, and check which program components are installed there.